3 advisories tracked · MikroTik Security Announcements + NVD · checked automatically every minute
Pick your product and enter the exact software release it runs. We match it against the affected/fixed versions in MikroTik's recent advisories.
MikroTik Security Announcements + NVD
MikroTik publishes official security announcements at mikrotik.com/supportsec, but the page is JavaScript-rendered with no feed, and MikroTik CVEs are assigned by several CNAs — so VulniPulse ingests them from NVD (keyword-filtered to MikroTik products, noise-dropped unless a RouterOS/SwOS/hardware product is named) and links each CVE back to its official mikrotik.com/supportsec page when one exists. Covers RouterOS (v6/v7), SwOS, Winbox, The Dude and MikroTik router/switch hardware (hEX, CCR, CRS, cAP, wAP) — an enormous ISP/WISP fleet that botnets like Mēris actively target.
Visit MikroTik security advisoriesAn issue in MikroTik RouterOS v.7.14.2 and SwOS v.2.18 exposes the WebFig management interface over cleartext HTTP by default, allowing an on-path attacker to execute injected JavaScript in the administrator’s browser and intercept credentials.
MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary code on the system.
An issue was discovered in Mikrotik-Router-Monitoring-System through 2018-10-22. SQL Injection exists in check_community.php via the parameter community.